Australia’s new data breach laws require businesses and government entities to disclose hacks and leaks that cause “serious harm”, with fines of up to $2.1 million for those who don’t comply, but experts say the agency responsible for enforcing them may not have the resources to do so.